MGASA-2021-0340

See a problem?
Please try reporting it to the source first.

Source

https://advisories.mageia.org/MGASA-2021-0340.html

Import Source

https://advisories.mageia.org/MGASA-2021-0340.json

JSON Data

https://api.osv.dev/v1/vulns/MGASA-2021-0340

Related

CVE-2016-8605

Published

2021-07-12T20:26:21Z

Modified

2021-07-12T19:36:15Z

Summary

Updated guile1.8 packages fix security vulnerabilities

Details

The mkdir procedure of GNU Guile temporarily changed the process' umask to zero. During that time window, in a multithreaded application, other threads could end up creating files with insecure permissions. For example, mkdir without the optional mode argument would create directories as 0777. This is fixed in Guile 2.0.13. Prior versions are affected (CVE-2016-8605).

References

Credits

- Mageia - COORDINATOR
- - https://wiki.mageia.org/en/Packages_Security_Team

Affected packages

Mageia:7 / guile1.8

Package

Name: guile1.8
Purl: pkg:rpm/mageia/guile1.8?arch=source&distro=mageia-7

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.8.8-25.1.mga7

Ecosystem specific

{
    "section": "core"
}